ABSTRACT

A multi-domain resource access control mechanism uses a single access control system to manage access by users to resources that belong to multiple domains. A server is associated with each domain in a set of domains, and access to the resources in the set of domains is governed by the access control system. A first server for a first domain transmits a data token to a client seeking access to a resource in a second domain. The client transmits the data token to a second server in the other domain. The second server uses the data token to verify that the user is authentic, that is, authorized to access resources protected by the access control system. After determining that the user is authorized to access resources, access control cookies are transmitted to the client. When a client requests access to a resource in the second domain and the request did not include access control cookies for the second domain, data is transmitted to the browser causing it to generate another request to the first server. The first server ensures that the user has been authenticated before transmitting the data token to the browser. In addition, the first server may cause copies of access control cookies for the user to be stored for later transmission to the second server.

28 Claims, 7 Drawing Sheets
MULTI-DOMAIN ACCESS CONTROL

RELATED APPLICATION

[…]

Computer networks have become ubiquitous in business, industry, and education. Networks have […] resources, such as application programs [that] provide […] computing functions, which are available to all users […]. [The development] of the globally accessible, packet-switched [network] known as the Internet has enabled network [resources to] become available worldwide. […] suppliers and partners worldwide. Because some […] information is valuable and sensitive, access to it [must be] limited to selected users. Thus, there is a need [to make] selective access information available over the Web.

One approach to solving the foregoing problem is to protect a set of resources accessible […] [with] an access control [system]. [An access control system] is a combination of software and [hardware] that [is used to] manage access to a set of resources […]. Often, the access control [mechanism] is commercial software, which is purchased as off-the-shelf […] [from] vendors of access control [mechanisms]. A [resource is a] source of information, identified by [a] uniform resource locator ("URL") or [an Internet Protocol] ("IP") address. A resource protected [by an] access [control] system may be a static file ("page") containing [data conforming] to the Hypertext Markup Language ("HTML"), [or a] dynamically generated page created by […] based on the Common Gateway Interface ("CGI") […]. [Examples] of resources include a web page, a complete web site, [a] web-enabled database, and an applet.

FIG. 1 is a block diagram that depicts an exemplary network architecture 100 […] an access control mechanism 101. [Network] architecture 100 includes a browser 110 [coupled by a] communication link to a network 102. The block [shown for browser 110 may represent a client process] that executes a standard browser program or an equivalent, such as Netscape Navigator, [Microsoft Internet] Explorer, or NCSA Mosaic. Network 102 is [a data] information communication network, preferably the Internet. In alternate embodiments, the browser 110 [is a client] process or client workstation of any convenient type, and the network 102 is a data communication network [used] to transfer information between the client and a server that is also coupled to the network.

The term server is used here to refer to one or more [software] modules which may be invoked by and executed by a client process, a separate process that receives requests from other [processes], […] to access […]. […] [authenti]cate users. Users may log in either […] to access […] system […] supplied by access [control] […] a name and password. Once the user is authenticated, an authenticated session is associated with the user, and the user may then […] by a protected [server to] verify […].

Cookies are pieces of [data] created […] [and transmitted] to a browser. [The] browser [stores the] cookie and [transmits it with] subsequent requests to servers. A cookie may [be] associated [with] a domain name used to identify the IP [address of a] server. A domain name is an identifier that […]. Examples of [domain] names are 'enCommerce.com' or 'uspto.gov'. A […] access a resource, transmitting the cookies as […] the domain of the server.

A domain name may be used in an address that identifies [a resource]. For example, […] resources "sample1File.htm" and […] "www.demoDomain" […], where 'demoDomain' is the domain […]. [The domain] name corresponds to the IP address of a server [that may] supply a resource. A domain is a set of resources which may [be] identified by the [same domain name]. […] 'sample1File.htm', 'sample2File.htm' […] [belong] to the same domain. The process [of requesting a resource using an address] that identifies the [domain is] referred [to as] accessing the domain.

[When a request] for access […] [is transmitted by a user] who has [been] authenticated, the protected [server transmits "access control] cookies" to the [browser]. Access control [cookies] contain information [used] to verify that a user has been authenticated, and [may] contain [data that] specifies the privileges a [user has] to access a particular resource. Access [control cookies may be] encrypted [for] security.

A major drawback to a conventional access control system is that it controls access to a set [of resources] […] associated with the domain of the access [control system].
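Cookie scoping is the root of the drawback described above: a browser only returns a cookie to hosts that domain-match the cookie's Domain attribute, so access control cookies issued by a protected server in one domain never reach a protected server in another, even when both are governed by the same access control system. The following is an added example, not code from the patent; it applies the RFC 6265 domain-matching rule to a constructed cookie jar (the cookie names, values and host names are hypothetical) and reports which cookies each server would receive.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str        # Domain attribute set by the server, or the host when host-only
    host_only: bool    # True when the server omitted the Domain attribute


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 domain-matching: identical, or request host ends with '.' + cookie domain.
    The dot boundary is essential: 'notdemodomain.com' must not match 'demodomain.com'."""
    host = request_host.lower().rstrip(".")
    dom = cookie_domain.lower().strip(".")
    return host == dom or host.endswith("." + dom)


def would_send(cookie: Cookie, request_host: str) -> bool:
    """Decide whether a browser attaches this cookie to a request for request_host."""
    host = request_host.lower()
    if cookie.host_only:
        return host == cookie.domain    # host-only cookies go back to that exact host alone
    return domain_matches(host, cookie.domain)


def cookies_for_request(jar, request_host: str):
    """Sorted names of the cookies that would accompany a request to request_host."""
    return sorted(c.name for c in jar if would_send(c, request_host))


def build_demo_jar():
    """Constructed sample: what a browser holds after logging in at demodomain.com.
    Cookie names and values are hypothetical; the two ACCESS_* cookies stand for the
    access control cookies a protected server in that domain would set."""
    return [
        Cookie("ACCESS_SESSION", "opaque-session-ref", "demodomain.com", host_only=False),
        Cookie("ACCESS_PRIVS", "opaque-privilege-blob", "demodomain.com", host_only=False),
        Cookie("HOST_PREF", "compact-layout", "www.demodomain.com", host_only=True),
    ]


def cookies_per_server(jar, hosts):
    """Map each protected server's host name to the cookie names it would receive."""
    return {host: cookies_for_request(jar, host) for host in hosts}


if __name__ == "__main__":
    jar = build_demo_jar()
    hosts = ["www.demodomain.com", "app.demodomain.com", "www.otherdomain.com"]
    for host, names in cookies_per_server(jar, hosts).items():
        print(f"{host:22} -> {names}")
```

Running it shows that `app.demodomain.com` still receives the two access control cookies while `www.otherdomain.com` receives none, which is exactly the gap a single sign-on mechanism across domains has to bridge.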

When the browser requests access to [a resource in] another domain, the access control cookies [are not transmitted because] they [are not associated with] the other domain. Thus, each domain name used to deploy a set of servers […] maintenance of […], adding to the expense of securing resources accessible over a network. In addition, […] [domain] name […] [users must perform] tedious login procedures, or the number of domain names that may be used are limited by efforts […].

Based on the foregoing, it is clearly desirable to provide [an access control] system [that may] be used to manage access [to resources that belong to] multiple [domains] […] secure […].

SUMMARY OF THE INVENTION

A mechanism that uses a single access control system to manage access by users to resources that belong to multiple [domains is described]. […] a server is [associated with each] domain in a set of domains. Access to [resources in the domains is governed] by an access control [system]. The [first server transmits a data token to a client seeking access to a resource in a] second domain. The client transmits the data token to a second server in the [other domain]. The second server [uses] the data token to verify that the user is authorized to access resources protected by the access control [system]. Once determining that [the user is authorized] to access resources, [access] control cookies are transmitted to the client.

According to another aspect of the present invention, when the client requests access to a resource in the second domain, and the request did not include access control cookies for the second domain, data is transmitted to the browser causing it to generate another request to the first server. The first server ensures that the user has been authenticated before transmitting the data token to the browser. In addition, the first server may cause copies of access control cookies for the user to be stored for later transmission to the second server.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which like reference numerals refer to similar elements and in which:

FIG. 1 is a block diagram that depicts an [exemplary network architecture];

FIG. 2 is a block diagram that depicts […];

FIG. 3A is a flow chart that depicts a process used to manage access to resources in multiple domains;

[FIG. 3B is a flow chart] that depicts a process used to manage access to resources in multiple domains;

FIG. 4A is a flow chart that depicts a process used to manage access to resources in multiple domains;

FIG. 4B is a flow chart that depicts a process used to manage access to resources in multiple domains; and

FIG. 5 is a block diagram of a computer system that may be used to implement an embodiment.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

A method and apparatus for a multi-domain access control system is described. In the following description, for the [purposes of explanation, numerous] specific [details] are [set forth] in order to provide a thorough understanding of the present invention. It will be apparent, however, to one [skilled in] the art that the present [invention] may be practiced without [these] specific details. In other instances, well-known structures and [devices] are shown in block diagram form in […].

FIG. 2 is a block diagram that depicts exemplary network [architecture] 200, an architecture which incorporates […] [a] multi-domain access control system. [Network] architecture 200 includes browsers [210 coupled] by [a] communication link to [network 202]. The blocks shown for browsers 210 may [represent client processes] that execute a standard Web browser program or an [equivalent], such as Netscape Communicator or Internet Explorer. Users 212 interact with browsers 210 to access [network] 202. Network 202 is a [data] communication network, preferably the Internet. In [alternate] embodiments, a browser 210 is a client process or client workstation of any convenient type and the network 202 is a data communication network that can [transfer information] between the client and a server that is coupled to the network.

[Browsers 210 transmit requests] for [resources] ("resource [requests"]) to protected [servers] 205, which transmit the [resource] to [the] user who […] [once the user of] a browser 210 has been authenticated by access control system [220]. The requests may conform to […] [or be transmitted in] a manner that conforms to HTTP. Protected servers 205, which include protected servers 240, 260, 280, […]. […] protected [servers] 205 may use one or more […] may be addressed by a [domain] name. Thus, each of protected servers 205 and the [resources that] may be accessed through the servers belong to [a domain] […], [as] shall be explained in greater detail.

To determine whether a user is authorized to access the resource, a protected server 205 uses access control [cookies, or] information derived from them, to access [access control] system 220. The access control cookies may contain encrypted data which specify information used to verify that the user is authentic. The protected server 205 may derive information [from] the cookies, and then transmit a request to access control system 120 to verify whether the user is [authorized, transmitting information] derived from the [cookies] as well as the resource requested. Next, access control system 120 responds by transmitting back a message
specifying whether or not the user is authorized to access the resource or any other resource.

COMPONENTS TO PROVIDE MULTI-DOMAIN ACCESS

[Access control cookies are associated] with a particular domain from which [they were transmit]ted. Subsequently, the user may [request access to a resource in another] domain protected by access control system [220]. [However,] when the browser transmits the request to a [server] belonging to the other domain, access control cookies for [the] user are not transmitted. A mechanism [is needed to verify that the] user has been authenticated without having [the access] control cookies or causing the user to [log in again].

Such a mechanism is provided by the [following compo]nents of access control [system 220]: Primary [Domain Agent] 242, Secondary [Domain Agents] 262 [and 282, and Multi-]Domain Token Server 208. [These components] […] may be […] [in various] embodiments […]. While each technique is different, there are […] roles played in each by a component […]. Further, different [configurations of] components […] approach security and p[erformance] […].

Generally, in one embodiment, when a browser [transmits] a request to a protected server […] [for] a user in a domain […] to access […] […] [has been] authenticated, […] transmits [a] "Multi-Domain Token." A Multi-Domain [Token is an] encrypted data item used to verify [that a user has been] authenticated by Access Control System [220]. […] generates a Multi-Domain Token and [transmits it to] Primary Domain Agent 242, [which] supplies it to [the browser]. […] [The browser transmits the] Multi-[Domain Token to Secondary Domain Agent] 262 […] connects to the Secondary [Domain] Agent […] transmits a Multi-Domain Token [to the Secondary Domain] Agent. The [Secondary Domain Agent transmits the] Multi-Domain Token [to Multi-Domain Token Server 208, which verifies that the user has been authent]icated by access control system [220]. [If so,] Multi-Domain Token Server 208 [transmits] a message confirming that [the user has been] authenticated [to] the Secondary Domain Agent.

Multi-Domain Token Server 208 […] functions to support […] functions to create a Multi-Domain Token […] associated with a particular domain. […] domain. A list of the trusted [domains] […] Multi-Domain Token Server 208 by a […].

Multi-Domain Token Server 208 verifies that a Multi-Domain Token was issued from Multi-Domain Token Server [208 through the use of] encryption technology. Because Multi-Domain Tokens are issued only for authenticated [users], […]. [A Multi-Domain Token issued by Multi-Domain Token Server] 208 is small enough so that it may be [transmitted in the URL] string in an HTTP request, […] data transmitted as part of a resource [request] […] transmitted regardless of the domain to which [the request is directed]. […] the amount of [data that] may be included in a URL string is limited. Because the URL [is] transmitted [with a] resource request, when a Multi-Domain Token [is] included in a URL string, it will be transmitted. If [a] Multi-Domain Token were included in a [cookie, it] would be transported [only] in a request [to] servers [in the] domain [associ]ated with the cookie.

[…] [protected servers] 205 and access [control system 220 …] [the same] computer. In alternate embodiments, one or more [of] these components are distributed on separate com[puters] […]. Each of protected servers [205 includes a] Secondary Domain Agent, and various other components of Access Control [System] 220 may be located on an […] [not accessible] by external [users]. Multi-Domain [Token Server 208] […] must be accessible to users for whom authenticated [access] control cookies cannot be provided. Accordingly, Secondary Domain Agents 262 and 282 are not protected [resources]. On the other hand, Primary Domain Agent 242 is inherently protected. Because it is […], a [browser] attempting to [acces]s Primary Domain Agent 242 must transmit access control cookies which show that the user is authentic. If the browser doesn't […].

[Primary] Domain [Ag]ent 242, [Secondary] Domain Agents [262 and 282,] and Multi-Domain Token Server 208 may be implemented [in a] variety [of] software technologies. For [example, Primary Domain Agent] 242, Secondary Domain [Agents 262 and 282 may be implemented as] Internet API plug-ins. Multi-Domain Token [Server] 208 may be written using software used to [create] […]-compliant modules and objects.

MULTI-DOMAIN ACCESS CONTROL

[FIGS. 3A-4B] depict, in part, one embodiment of a process for implementing a multi-domain access control system. The […]. [In] the illustration, the clients communicate [using the HTTP] protocol. However, any version of HTTP, or [any other] suitable communication protocol may be used.

[Referring to FIG.] 3A, at step 310, browser [210-1] transmits a resource request to protected server 260 for resource 268, a protected resource. A protected resource is a resource […].
At step 314, protected server 260 determines whether or not access control cookies for the requested domain [were] transmitted to protected server 260 [with the] request transmitted in step 310. If access control cookies were received, then the steps shown in [FIGS.] 3A [and 3B] […] denying access to the [resource] […].

[…] [redi]rect tag. The tag includes data that specifies [name-]value pairs that are passed with the [re]directed request:

1. The originally requested resource.

2. The requested domain, that is, the domain of the originally requested resource.

3. The Secondary Domain Agent.

At step 330, the [Primary Domain Agent 242 determines] whether access control cookies for its domain [were transmitted with the re]quest [redirect]ed [at step] 328. If [they were] not, then control passes to step 332, where it is determined whether the user is authentic. The step may [use any technique for] authenticating users, including user/password […] transmitted to browser 210-1. At step […], the […] redirected to the Primary Domain [Agent 242]. […] the Primary Domain Agent 242 receives the […]. [At step] 330, the Primary Domain Agent 242 determines that […].

[Primary Domain Agent 242 determines whether the requested domain is] a trusted domain. [To] perform this determination, Primary Domain Agent 242 […]. [If Primary Domain Agent] 242 determines that [the requested] domain is not a trusted domain, then execution […]. […] Multi-Domain Token Server 208 receives the […].

Referring to FIG. 4B, at step […]. At step 432, to verify the Multi-Domain [Token], […] ends. Otherwise, […] the previously stored access control cookies [identified by] Cookie_Set_Id are transmitted to [the Secondary Do]main Agent. It is no longer necessary […]. [The] browser [210-1] transmits the [re]directed request [for] the originally requested resource. As a result of […] [the] secondary domain agent 262 at step 444, the […] by browser 210-1 […]. […] browser 210-1 may […]. [Primary Dom]ain Agent 242 transmits copies [of the access] control [cookies] received at step 328 to the […].
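The components introduced under COMPONENTS TO PROVIDE MULTI-DOMAIN ACCESS and the redirect sequence of FIGS. 3A-4B just described can be simulated end to end. The following is an added example written for this page, not code from the patent or from any vendor product; it models protected server 260 with its Secondary Domain Agent 262, Primary Domain Agent 242, Multi-Domain Token Server 208 and a browser that keeps one cookie jar per domain. The token format is an assumption: the description says only that the token is encrypted, so here it is an HMAC-signed JSON body, which is what lets the token server recognise tokens it issued itself; the Cookie_Set_Id store, the host names, cookie names, session value and the `/pda` and `/sda` paths are all constructed for the demo.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlsplit

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class TokenServer:
    """Stand-in for Multi-Domain Token Server 208 (hypothetical design, see lead-in)."""
    def __init__(self, key: bytes, trusted_domains, ttl: int = 60):
        self.key, self.trusted, self.ttl = key, set(trusted_domains), ttl
        self.cookie_sets = {}                    # Cookie_Set_Id -> copied access control cookies

    def issue(self, user: str, target_domain: str, cookies: dict, now: float) -> str:
        if target_domain not in self.trusted:    # the list of trusted domains it maintains
            raise PermissionError("not a trusted domain")
        set_id = secrets.token_urlsafe(8)
        self.cookie_sets[set_id] = dict(cookies)  # stored for later transmission to the SDA
        body = b64u(json.dumps({"u": user, "d": target_domain, "s": set_id,
                                "exp": now + self.ttl}).encode())
        return body + "." + b64u(hmac.new(self.key, body.encode(), hashlib.sha256).digest())

    def verify(self, token: str, expected_domain: str, now: float):
        """Return (user, stored cookies) or raise ValueError; a token redeems once."""
        body, _, sig = token.partition(".")
        good = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, unb64u(sig)):
            raise ValueError("token was not issued by this server")
        claims = json.loads(unb64u(body))
        if claims["d"] != expected_domain or claims["exp"] < now:
            raise ValueError("token is for another domain or has expired")
        stored = self.cookie_sets.pop(claims["s"], None)
        if stored is None:
            raise ValueError("token already redeemed")
        return claims["u"], stored

ACS_SESSIONS = {"sess-7f3a": "alice"}   # constructed: access control system 220's live sessions
TOKEN_SERVER = TokenServer(b"constructed-demo-key", trusted_domains={"domainb.example"})
PDA_URL = "https://agent.domaina.example/pda"

def domain_b_server(host, path, query, cookies):
    """Protected server 260 in domainb; its Secondary Domain Agent 262 answers at /sda."""
    if path == "/sda":
        try:   # verify the token with the token server, then set domainb's own cookies
            _, stored = TOKEN_SERVER.verify(query["token"][0], "domainb.example", time.time())
            return 302, {"Location": query["resource"][0]}, "", stored
        except (KeyError, ValueError) as exc:
            return 403, {}, f"rejected: {exc}", {}
    user = ACS_SESSIONS.get(cookies.get("ACCESS_SESSION"))
    if user:
        return 200, {}, f"resource {path} for {user}", {}
    redirect = urlencode({"resource": f"https://{host}{path}", "domain": "domainb.example",
                          "agent": f"https://{host}/sda"})   # the three name-value pairs
    return 302, {"Location": f"{PDA_URL}?{redirect}"}, "", {}  # no cookies: send to the PDA

def domain_a_agent(host, path, query, cookies):
    """Primary Domain Agent 242; it only ever sees domaina's access control cookies."""
    user = ACS_SESSIONS.get(cookies.get("ACCESS_SESSION"))
    if not user:
        return 401, {}, "login required", {}   # step 332: authenticate the user first
    try:
        token = TOKEN_SERVER.issue(user, query["domain"][0], cookies, time.time())
        redirect = urlencode({"token": token, "resource": query["resource"][0]})
        return 302, {"Location": f"{query['agent'][0]}?{redirect}"}, "", {}
    except (KeyError, PermissionError) as exc:
        return 403, {}, f"rejected: {exc}", {}

SERVERS = {"www.domainb.example": domain_b_server, "agent.domaina.example": domain_a_agent}

class Browser:
    """Minimal client: one cookie jar per registrable domain, follows 302 redirects."""
    def __init__(self):
        self.jars, self.trace = {}, []

    def get(self, url: str, hops: int = 0):
        if hops > 5:
            raise RuntimeError("redirect loop")
        u = urlsplit(url)
        jar = self.jars.setdefault(".".join(u.hostname.split(".")[-2:]), {})  # demo-only rule
        status, headers, body, set_cookies = SERVERS[u.hostname](u.hostname, u.path, parse_qs(u.query), dict(jar))
        jar.update(set_cookies)               # Set-Cookie lands in this domain's jar only
        self.trace.append(u.path)
        return self.get(headers["Location"], hops + 1) if status == 302 else (status, body)

def demo(logged_in: bool = True):
    """Returns (status, body, paths visited, cookie names now held for domainb)."""
    browser = Browser()
    if logged_in:   # cookies left by an earlier login in domaina (constructed value)
        browser.jars["domaina.example"] = {"ACCESS_SESSION": "sess-7f3a"}
    status, body = browser.get("https://www.domainb.example/resource268")
    return status, body, browser.trace, sorted(browser.jars.get("domainb.example", {}))

def token_single_use():
    """(first redemption accepted, replay accepted): a redeemed token cannot be reused."""
    now = time.time()
    token = TOKEN_SERVER.issue("alice", "domainb.example", {"ACCESS_SESSION": "sess-7f3a"}, now)
    first = TOKEN_SERVER.verify(token, "domainb.example", now)[0] == "alice"
    try:
        TOKEN_SERVER.verify(token, "domainb.example", now)
        return first, True
    except ValueError:
        return first, False
```

Calling `demo()` reproduces the sequence of the figures: the first request reaches `/resource268` without domainb cookies and is redirected to the Primary Domain Agent carrying the three name-value pairs; the agent, which does receive domaina's cookies, has the token server issue a token for the requested domain and redirects to the Secondary Domain Agent; that agent redeems the token, receives the stored cookie set, sets it for domainb and redirects back to the resource, which now succeeds. The token travels in the URL query string, as the description requires, because a cookie bound to domaina would never be sent to the agent in domainb. Binding the token to the requested domain, giving it a short lifetime and letting it redeem only once are the properties a defender would want, since a token that leaks from a URL or a referrer log is then useless for any other domain and after first use.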
[…] a resource in another trusted [domain], […] re-executed, and these steps may become a cycle that [is] repeated each time another trusted domain [is accessed]. Repetition of the steps shown in FIGS. 3A-4B may be avoided by modifying […] step 444. […] requested resource, the Secondary [Domain Agent …] the browser to […] Secondary Domain Agent in another trusted domain, transmitting access control cookies to the browser [and the] Multi-Domain Token to the browser […] until the browser receives access control cookies [for all] trusted domains, at which point the browser is redirected to the originally requested resource.

For purposes of efficiency and failure handling, […] for the purposes of […] access control […] Secondary Domain Agent may […] access control cookies from […]. To avoid replicating access control cookies [to all …] of a Multi-Domain Token […] a set of […] cookies for a user would […] be stored in […]. Specifically, in response to a [request to …] […] control cookies, a [Multi-Domain Token Server …] [gen]erates a Multi-Domain Token […] identifies the Multi-Domain Token Server […] Domain Agent requests […] Multi-Domain [Token] Server […] failed Multi-Domain Token Server 208 to the Primary […] in an operating Multi-Domain [Token Server] […] generating another Multi-Domain Token […] operating Multi-Domain Token Server […].

HARDWARE OVERVIEW

[…] information, and a processor 504 coupled with [bus 502] for processing information. Computer system 500 also includes a main memory 506, such as a random access memory (RAM) or other dynamic storage device, […] 504. A storage device 510, such as a […] […] a computer user. An input device 514, including […] other keys, is coupled to bus 502 for communicating information and command selections to processor 504. Another type of user input device is cursor [control], such as a mouse, a trackball, or cursor direction keys for communicating direction information and command selections to processor 504 and for controlling cursor […].

The invention is related to the use of computer system 500 for implementing the techniques described herein. [According to one embodiment of] the invention, those techniques are [performed by computer] system 500 in [response to] processor 504 executing one or more sequences of one or more instructions contained in main memory 506. Such instructions […] to implement the invention. Thus, embodiments of the invention are not limited to any specific [combination] of hardware circuitry and software.

The term "computer-readable medium" as used herein [refers to any medium that] participates in providing instructions to processor 504 for execution. Such a [medium] may [take many forms, including] but not [limited] to, non-volatile [media, volatile media,] and transmission media. Non-volatile [media] includes, for example, optical or magnetic disks, such [as storage device] 510. Volatile [media] includes dynamic [memory], such as main memory 506. Transmission media [includes] coaxial cables, copper wire and fiber optics, including […] and infra-red data communications.

Common forms of computer-readable media include, for [example,] […] flexible [disk], hard […] [magnetic] medium, a CD-ROM, any other [optical medium], punch cards, [paper tape], any other physical [medium with patterns] of holes, a RAM, a PROM, and EPROM, a FLASH-EPROM, any other memory chip or […] processor 504 for execution. For example, the [instructions] may […] magnetic [disk] of a […] can load the instruc[tions] […]
[…] data on a telephone line and [use an infra-red] transmitter to convert the data to an infra-red [signal]. An infra-red detector can receive the data carried […] instructions. The instructions received by main memory 506 […] a data communication connection to a corre[sponding …] through the world wide packet data communication network now commonly referred to as the "Internet" [528]. [Local] network 522 and Internet 528 both use electrical, ele[ctromagnetic …] network link 520 and through communication interface 518, which carry the digital data to and from computer [system 500] […].

[Computer] system 500 can send messages and receive [data …] [net]work link 520 and communication interface 518. In the Internet example, a server 530 might transmit a [requested] code for an application program through […] 526, local network 522 and communication interface 518. In accordance with the invention, one such downloaded application implements the techniques described herein.

The received code may be executed by processor 504 as it is received, and/or stored in storage device 510, or other non-volatile storage for later execution. In [this manner, computer system 500 may obtain application] code in the form of a carrier wave.

[…] It will, however, be evident that various modifications and changes may be made thereto without departing from the broader spirit and scope of the invention. For example, the techniques described herein for multi-domain access have been illustrated using cookies. However, the techniques are applicable to any data item whose transport between a client and servers is restricted to and from servers belonging to the [same] domain […] servers. Therefore, the specification and drawings are [to be] regarded in an illustrative rather than a restrictive [sense].
What is claimed is:

1. A method of controlling access to a resource protected by an access control system that uses access control information transmitted in conjunction with requests to access the resource to determine whether access may be permitted, the method comprising the steps of:

a first server receiving a particular data item from a client, wherein said first server transmits and receives access control information generated by said access control system in first data items [that are only transmitted between a first class] of one or more servers and said client, wherein said particular data item:

was transmitted to said client from a second server that does not belong to said first class, and

indicates that a user has been authenticated by said access control system;

said first server determining that said user has been authenticated by said access control system based on said particular data item; and

in response to said first server determining that said user may access said resource, transmitting access control [information in a first data item of said first data items].

2. The method of claim 1, further including the steps of:

receiving a first request from said client to access said resource;

determining that said client did not transmit particular access control information in conjunction with said first request that may be used to determine whether said client may access said resource; and

in response to determining that said client did not transmit said particular access control information in conjunction with said first request, said first server causing said client to transmit a second request to said second server to determine access rights of said client.

3. [The method of claim 2, wherein said particular data item was transmitted to said client from a second server in response to said second server determining that said user has been authenticated.]

4. The method of claim 3, wherein said second server determining that said user has been authenticated includes said second server causing said user to log-in to said access control system to be authenticated by said access control [system].

5. The method of claim 3, wherein said second server determining that said user has been authenticated includes said second server determining that said user […] authenticated by said access control system.

6. The method of claim 5, wherein said second server determining that said user has been authenticated by said access control system is performed by examining one or more cookies that are associated with a domain name [associated with said second] server [but] not said first server.

7. The method of claim 1, further including the steps of:

causing said client to transmit said particular data item to one or more other servers, wherein each other server of said one or more other servers transmits other data items that are only transmitted between said client and another class of one or more servers to which said each other server belongs; and

each other server of said one or more other servers transmitting other access control information generated by said access control system in another data item of said respective other data items.

8. The method of claim 1, further [including the steps of:]

[storing a second data item that] reflects said access control information in said first data [item in a] storage mechanism that may be accessed by said first server; and

said first server retrieving said second data item to generate said first data item.

9. The method of claim 8, wherein said storage mechanism is a particular server dedicated to generating data items that each indicate that a particular user has been authenticated by said access control system, the method further [including the step] of said particular server generating said particular data item in response to a request transmitted by said second server to said particular server.

10. The method of claim 1, further including the steps of:

said second server transmitting a request for said particular data item to a particular server dedicated to generating data items that each indicate that a particular user has been authenticated by said access control system;

said particular server generating said particular data item and transmitting said particular data item to said second server.

11. The method of claim 10, wherein the step of said first server determining that said user has been authenticated by said access control system includes said first server transmitting a […] to said particular server [to] verify that said […].

12. The method of claim 1, wherein said first class of [servers are servers] that belong to [a] particular [domain].

13. The method of claim 12, wherein said second server belongs [to a] second domain and not said particular domain.

14. The method of claim [1], wherein said first data items are [cookies].

15. A computer-readable medium carrying one or more sequences of one or more instructions [for controlling access to a resource protected] by an access control system that uses access control information transmitted in conjunction with [re]quests to access the resource to determine whether [access may be permitted, the] one or more [sequences] of one or more instructions including instructions which when executed by [one or more processors, cause the one or more] processors to [perform the steps of]:

a first server receiving a particular data item from a client, wherein said first server transmits and receives access control information generated by said access control system in first data items that are only transmitted between a first class of one or more servers and said client, wherein said particular data item:

was transmitted to said client from a second server that does not belong to said first class, and

indicates that a user has been authenticated by said access control system;

said first server determining that said user has been authenticated by said access control system based on said particular data item; and

in response to said first server determining that said user may access said resource, transmitting access control information in a first data item of said first data items.

16. The computer-readable medium of claim 15, further including the steps of:

receiving a first request from said client to access said resource;

determining that said client did not transmit particular access control information in conjunction with said first request that may be used to determine whether said client may access said resource; and
in response to determining that said client did not transmit said particular access control information in conjunction with said first request, said first server causing said client to transmit a second request to said second server to determine access rights of said client.

17. The computer-readable medium of claim 16, wherein said particular data item was transmitted to said client from [a second server in response to said second server] determining that said user has been authenticated.

18. The computer-readable medium of claim 17, wherein said second server determining that said user has been authenticated includes said second server causing said user to log-in to said access control system to be authenticated by said access control system.

19. The computer-readable medium of claim 17, wherein said second server determining that said user has been authenticated includes said second server determining that [said user …] authenticated by said access control [system].

20. The computer-readable medium of claim 19, wherein said second server determining that said user has been [authenticated is performed by] examining one or more cookies that are associated with a [domain name] associated with [said second server] but not said first server.

21. A method of controlling access to a resource protected by an access control system that uses access control information transmitted in cookies to determine whether access may be permitted, the method comprising the steps of:

a first server receiving a particular data item from a client, wherein said first server transmits and receives access control information generated by said access control system in cookies associated with a first domain; wherein said first server belongs to said first domain; wherein said particular data item:

was transmitted to said client from a second server that does not belong to said first domain, and

indicates that a user has been authenticated by said access control system;

said first server determining that said user has been authenticated by said access control system based on said particular data item; and

in response to said first server determining that said user may access said resource, transmitting access control information in a cookie associated with the first domain to said client.

22. The method of claim 21, further including the steps of:

receiving a first request from said client to access said resource;

determining that said client did not transmit particular access control information in conjunction with said first request that may be used to determine whether said client may access said resource; and

in response to determining that said client did not transmit said particular access control information in conjunction with said first request, said first server causing said client to transmit a second request to said second server to determine access rights of said client.

23. The method of claim 22, wherein said particular data item was transmitted to said client from a second server in response to said second server determining that said user has been authenticated.

24. A method of controlling access to a resource protected by an access control system that uses access control information transmitted in conjunction with requests to access the resource to determine whether access may be permitted, the method comprising the steps of:
[a first server receiving a particular data item from a client, wherein said first server transmits and receives access] control information generated by said access control [system] in first [data] items that […] said client to one or more servers belonging to a first [class], wherein said particular data item:

was transmitted to said client from a second server that does not belong to said first class, and

indicates that a user has been authenticated by said access control system;

said first server determining that said user has been authenticated by said access control system based on said particular data item; and

in response to said first server determining that said user may access said resource, transmitting access control [information in a first data item of said first data items].

25. The method of claim 24, further including the steps of:

receiving a first request from said client to access said [resource;]

determining that said client did not transmit particular access control information in conjunction with said first request that may be used to determine whether said client may access said resource; and

in response to determining that said client did not transmit said particular access control information in conjunction with said first request, said first server causing said client to transmit a second request to said second server to determine access rights of said client.

26. The method of claim 25, wherein said particular data item was transmitted to said client from a second server in response to said second server determining that said user has been authenticated.

27. The method of claim 25, [wherein] said client [is a] browser.

28. The method of claim [24], wherein said first data items are [cookies].